I use stunnel (http://www.stunnel.org) to wrap imap and pop3 mail. If you set
your stunnel.pem file with a hostname of "*" it will work for all sites,
but warn you the first time you accept the certificate. (this also defeats some of
the general purpose of trusting a site, but it still encrypts the
data through SSL)
I add the following to /etc/rc.d/rc.local:
/usr/local/sbin/stunnel -T -d simap -l /usr/sbin/imapd -p /etc/stunnel.pem
/usr/local/sbin/stunnel -T -d spop3 -l /usr/sbin/qpopper-stunnel -p /etc/stunnel.pem
where 'qpopper-stunnel' is a small script:
---
#!/bin/bash
/usr/sbin/in.qpopper -R -T 300
---
This has worked out well for a few clients, including Mozilla mail and Eudora
(I have not tried it with any others).
Hope this helps,
- Eric
Paul Ferwerda wrote:
> What is a good way to secure the process of checking email on a RAQ? I'm concerned
>that if someone is supplying a password to check admin email that the password can be
>sniffed.
>
> Thanks,
> Paul
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
